Extracted

Extracted

• • Target

    67e32a73f545f56e1292d6b318f8e3c4.exe

  • Size

    47KB

  • MD5

    67e32a73f545f56e1292d6b318f8e3c4

  • SHA1

    96ca16f9a5b6e359f0dccfa0d6c7532ff047da09

  • SHA256

    07d35c2c242d2c2a7bbf3d70315f7679c90b3f5a32b2ff542fdfca8a0b9cb4c8

  • SHA512

    5ab019270b836231ba7f8b9a5c60bececc02a461f8978424708c7d8460c09347a5a8a1a3ee3b2b54f87a4faf0a4216c9d5e9ccf06dddd932fb93195a4c0df644

  • SSDEEP

    768:guwpFTAY3IQWUe9jqmo2qLj4Q3ijkBPI6Lvl1T0bg7J3HvcNv8OBDZQx:guwpFTA4/2W7Ve6LvlKbg7ZP+bdQx

  Score

  10^/10

  asyncratredlinedefaultdiamotrixcredential_accessdiscoveryexecutioninfostealerpersistencepyinstallerratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Async RAT payload

    rat

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Command and Scripting Interpreter: PowerShell

    Start PowerShell.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2